com.azure.security.keyvault.administration.KeyVaultAccessControlClient Maven / Gradle / Ivy
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
package com.azure.security.keyvault.administration;
import com.azure.core.annotation.ReturnType;
import com.azure.core.annotation.ServiceClient;
import com.azure.core.annotation.ServiceMethod;
import com.azure.core.http.HttpPipeline;
import com.azure.core.http.rest.PagedIterable;
import com.azure.core.http.rest.PagedResponse;
import com.azure.core.http.rest.Response;
import com.azure.core.http.rest.SimpleResponse;
import com.azure.core.util.Context;
import com.azure.core.util.logging.ClientLogger;
import com.azure.security.keyvault.administration.implementation.KeyVaultAccessControlClientImpl;
import com.azure.security.keyvault.administration.implementation.KeyVaultAdministrationUtils;
import com.azure.security.keyvault.administration.implementation.KeyVaultErrorCodeStrings;
import com.azure.security.keyvault.administration.implementation.models.KeyVaultErrorException;
import com.azure.security.keyvault.administration.implementation.models.RoleAssignment;
import com.azure.security.keyvault.administration.implementation.models.RoleAssignmentCreateParameters;
import com.azure.security.keyvault.administration.implementation.models.RoleDefinition;
import com.azure.security.keyvault.administration.implementation.models.RoleDefinitionCreateParameters;
import com.azure.security.keyvault.administration.models.KeyVaultAdministrationException;
import com.azure.security.keyvault.administration.models.KeyVaultRoleAssignment;
import com.azure.security.keyvault.administration.models.KeyVaultRoleDefinition;
import com.azure.security.keyvault.administration.models.KeyVaultRoleScope;
import com.azure.security.keyvault.administration.models.SetRoleDefinitionOptions;
import reactor.core.publisher.Mono;
import java.net.URL;
import java.util.Objects;
import java.util.UUID;
import static com.azure.security.keyvault.administration.KeyVaultAdministrationUtil.enableSyncRestProxy;
import static com.azure.security.keyvault.administration.KeyVaultAdministrationUtil.swallowExceptionForStatusCodeSync;
import static com.azure.security.keyvault.administration.KeyVaultAdministrationUtil.validateAndGetRoleAssignmentCreateParameters;
import static com.azure.security.keyvault.administration.KeyVaultAdministrationUtil.validateAndGetRoleDefinitionCreateParameters;
import static com.azure.security.keyvault.administration.KeyVaultAdministrationUtil.validateRoleAssignmentParameters;
import static com.azure.security.keyvault.administration.KeyVaultAdministrationUtil.validateRoleDefinitionParameters;
/**
* The {@link KeyVaultAccessControlClient} provides synchronous methods to view and manage Role Based Access for a
* key vault. The client supports creating, listing, updating, and deleting
* {@link KeyVaultRoleDefinition role definitions} and {@link KeyVaultRoleAssignment role assignments}.
*
* Getting Started
*
* In order to interact with the Azure Key Vault service, you will need to create an instance of the
* {@link KeyVaultAccessControlClient} class, a vault url and a credential object.
*
* The examples shown in this document use a credential object named DefaultAzureCredential for authentication,
* which is appropriate for most scenarios, including local development and production environments. Additionally,
* we recommend using a managed identity for authentication in production environments. Because this client
* creates and deletes role definitions and role assignments, the identity behind the credential decides who can
* access the key vault, so grant it only the access-control permissions it needs.
* You can find more information on different ways of authenticating and their corresponding credential types in the
* Azure Identity documentation.
*
* Sample: Construct Synchronous Access Control Client
*
* The following code sample demonstrates the creation of a {@link KeyVaultAccessControlClient}, using the
* {@link KeyVaultAccessControlClientBuilder} to configure it.
*
*
*
* KeyVaultAccessControlClient keyVaultAccessControlClient = new KeyVaultAccessControlClientBuilder()
* .vaultUrl("<your-managed-hsm-url>")
* .credential(new DefaultAzureCredentialBuilder().build())
* .buildClient();
*
*
*
*
*
*
* Set a Role Definition
* The {@link KeyVaultAccessControlClient} can be used to set a role definition in the key vault.
*
* Code Sample:
* The following code sample demonstrates how to synchronously create a role definition in the key vault, using the
* {@link KeyVaultAccessControlClient#setRoleDefinition(KeyVaultRoleScope)} API.
*
*
*
* KeyVaultRoleDefinition roleDefinition = keyVaultAccessControlClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL);
*
* System.out.printf("Created role definition with randomly generated name '%s' and role name '%s'.%n",
* roleDefinition.getName(), roleDefinition.getRoleName());
*
*
*
* Note: For the asynchronous sample, refer to {@link KeyVaultAccessControlAsyncClient}.
*
*
*
*
*
* Get a Role Definition
* The {@link KeyVaultAccessControlClient} can be used to retrieve a role definition from the key vault.
*
* Code Sample:
* The following code sample demonstrates how to synchronously retrieve a role definition from the key vault, using
* the {@link KeyVaultAccessControlClient#getRoleDefinition(KeyVaultRoleScope, String)} API.
*
*
*
* String roleDefinitionName = "de8df120-987e-4477-b9cc-570fd219a62c";
* KeyVaultRoleDefinition roleDefinition =
* keyVaultAccessControlClient.getRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName);
*
* System.out.printf("Retrieved role definition with name '%s' and role name '%s'.%n", roleDefinition.getName(),
* roleDefinition.getRoleName());
*
*
*
* Note: For the asynchronous sample, refer to {@link KeyVaultAccessControlAsyncClient}.
*
*
*
*
*
* Delete a Role Definition
* The {@link KeyVaultAccessControlClient} can be used to delete a role definition from the key vault.
*
* Code Sample:
* The following code sample demonstrates how to synchronously delete a role definition from the key vault, using
* the {@link KeyVaultAccessControlClient#deleteRoleDefinition(KeyVaultRoleScope, String)} API.
*
*
*
* String roleDefinitionName = "6a709e6e-8964-4012-a99b-6b0131e8ce40";
*
* keyVaultAccessControlClient.deleteRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName);
*
* System.out.printf("Deleted role definition with name '%s'.%n", roleDefinitionName);
*
*
*
* Note: For the asynchronous sample, refer to {@link KeyVaultAccessControlAsyncClient}.
*
*
*
*
*
* Create a Role Assignment
* The {@link KeyVaultAccessControlClient} can be used to create a role assignment in the key vault.
*
* Code Sample:
* The following code sample demonstrates how to synchronously create a role assignment in the key vault, using the
* {@link KeyVaultAccessControlClient#createRoleAssignment(KeyVaultRoleScope, String, String)} API.
*
*
*
* String roleDefinitionId = "b0b43a39-920c-475b-b34c-32ecc2bbb0ea";
* String servicePrincipalId = "169d6a86-61b3-4615-ac7e-2da09edfeed4";
* KeyVaultRoleAssignment roleAssignment =
* keyVaultAccessControlClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, roleDefinitionId,
* servicePrincipalId);
*
* System.out.printf("Created role assignment with randomly generated name '%s' for principal with id '%s'.%n",
* roleAssignment.getName(), roleAssignment.getProperties().getPrincipalId());
*
*
*
* Note: For the asynchronous sample, refer to {@link KeyVaultAccessControlAsyncClient}.
*
*
*
*
*
* Get a Role Assignment
* The {@link KeyVaultAccessControlClient} can be used to retrieve a role assignment from the key vault.
*
* Code Sample:
* The following code sample demonstrates how to synchronously retrieve a role assignment from the key vault, using
* the {@link KeyVaultAccessControlClient#getRoleAssignment(KeyVaultRoleScope, String)} API.
*
*
*
* String roleAssignmentName = "06d1ae8b-0791-4f02-b976-f631251f5a95";
* KeyVaultRoleAssignment roleAssignment =
* keyVaultAccessControlClient.getRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName);
*
* System.out.printf("Retrieved role assignment with name '%s'.%n", roleAssignment.getName());
*
*
*
* Note: For the asynchronous sample, refer to {@link KeyVaultAccessControlAsyncClient}.
*
*
*
*
*
* Delete a Role Assignment
* The {@link KeyVaultAccessControlClient} can be used to delete a role assignment from the key vault.
*
* Code Sample:
* The following code sample demonstrates how to synchronously delete a role assignment from the key vault, using
* the {@link KeyVaultAccessControlClient#deleteRoleAssignment(KeyVaultRoleScope, String)} API.
*
*
*
* String roleAssignmentName = "c3ed874a-64a9-4a87-8581-2a1ad84b9ddb";
*
* keyVaultAccessControlClient.deleteRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName);
*
* System.out.printf("Deleted role assignment with name '%s'.%n", roleAssignmentName);
*
*
*
* Note: For the asynchronous sample, refer to {@link KeyVaultAccessControlAsyncClient}.
*
* @see com.azure.security.keyvault.administration
* @see KeyVaultAccessControlClientBuilder
*/
@ServiceClient(builder = KeyVaultAccessControlClientBuilder.class)
public final class KeyVaultAccessControlClient {
/**
* The logger to be used.
*/
private static final ClientLogger LOGGER = new ClientLogger(KeyVaultAccessControlClient.class);
/**
* The underlying AutoRest client used to interact with the Key Vault service.
*/
private final KeyVaultAccessControlClientImpl clientImpl;
/**
* The Key Vault URL this client is associated to.
*/
private final String vaultUrl;
/**
* The Key Vault Administration Service version to use with this client.
*/
private final String serviceVersion;
/**
* The {@link HttpPipeline} powering this client.
*/
private final HttpPipeline pipeline;
/**
* Package private constructor to be used by {@link KeyVaultAccessControlClientBuilder}.
*/
KeyVaultAccessControlClient(URL vaultUrl, HttpPipeline httpPipeline,
    KeyVaultAdministrationServiceVersion serviceVersion) {
    // Only the vault URL gets an explicit null check with a message. httpPipeline is stored as given, and a
    // null serviceVersion surfaces as a NullPointerException from getVersion() below.
    final URL endpoint = Objects.requireNonNull(vaultUrl, KeyVaultErrorCodeStrings.VAULT_END_POINT_REQUIRED);
    final String version = serviceVersion.getVersion();

    this.vaultUrl = endpoint.toString();
    this.serviceVersion = version;
    this.pipeline = httpPipeline;
    // The underlying AutoRest client shares the caller's pipeline and uses the same service version string.
    this.clientImpl = new KeyVaultAccessControlClientImpl(httpPipeline, version);
}
/**
* Gets the URL for the Key Vault this client is associated with.
*
* @return The Key Vault URL.
*/
public String getVaultUrl() {
    // The field is final and is set once in the constructor from URL#toString().
    return vaultUrl;
}
/**
* Get all {@link KeyVaultRoleDefinition role definitions} that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* Code Samples
* Lists all {@link KeyVaultRoleDefinition role definitions}. Prints out the details of the retrieved
* {@link KeyVaultRoleDefinition role definitions}.
*
*
* PagedIterable<KeyVaultRoleDefinition> roleDefinitions =
* keyVaultAccessControlClient.listRoleDefinitions(KeyVaultRoleScope.GLOBAL);
*
* roleDefinitions.forEach(roleDefinition ->
* System.out.printf("Retrieved role definition with name '%s'.%n", roleDefinition.getName()));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope roleScope} of the {@link KeyVaultRoleDefinition role definitions}.
*
* @return A {@link PagedIterable} containing the {@link KeyVaultRoleDefinition role definitions} for the given
* {@link KeyVaultRoleScope roleScope}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} is {@code null}.
*/
@ServiceMethod(returns = ReturnType.COLLECTION)
public PagedIterable listRoleDefinitions(KeyVaultRoleScope roleScope) {
    // Convenience overload: the same listing, with no additional pipeline context.
    final Context noContext = Context.NONE;
    return listRoleDefinitions(roleScope, noContext);
}
/**
* Get all {@link KeyVaultRoleDefinition role definitions} that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* Code Samples
* Lists all {@link KeyVaultRoleDefinition role definitions}. Prints out the details of the retrieved
* {@link KeyVaultRoleDefinition role definitions}.
*
*
* PagedIterable<KeyVaultRoleDefinition> keyVaultRoleDefinitions =
* keyVaultAccessControlClient.listRoleDefinitions(KeyVaultRoleScope.GLOBAL, new Context("key1", "value1"));
*
* keyVaultRoleDefinitions.forEach(roleDefinition ->
* System.out.printf("Retrieved role definition with name '%s'.%n", roleDefinition.getName()));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope scope} of the {@link KeyVaultRoleDefinition role definitions}.
* @param context Additional {@link Context} that is passed through the HTTP pipeline during the service call.
*
* @return A {@link PagedIterable} containing the {@link KeyVaultRoleDefinition role definitions} for the given
* {@link KeyVaultRoleScope roleScope}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} is {@code null}.
*/
@ServiceMethod(returns = ReturnType.COLLECTION)
public PagedIterable listRoleDefinitions(KeyVaultRoleScope roleScope, Context context) {
    // NOTE(review): the return type is printed raw here, while the Javadoc sample assigns the result to
    // PagedIterable<KeyVaultRoleDefinition>; the type argument looks lost in rendering - confirm against the
    // published source.
    // The context is prepared once so that the first page and every continuation page use the same one.
    final Context syncContext = enableSyncRestProxy(context);

    // This method only hands the two page retrievers to PagedIterable. roleScope is not null-checked here;
    // that check lives in listRoleDefinitionsFirstPage.
    return new PagedIterable<>(
        () -> listRoleDefinitionsFirstPage(vaultUrl, roleScope, syncContext),
        nextToken -> listRoleDefinitionsNextPage(nextToken, syncContext));
}
/**
* Lists all {@link KeyVaultRoleDefinition role definitions} in the first page that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* @param vaultUrl The URL for the Key Vault this client is associated with.
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link PagedResponse} of {@link KeyVaultRoleDefinition role definitions}
* for the given {@link KeyVaultRoleScope role scope} from the first page of results.
*
* @throws KeyVaultAdministrationException If the given {@code vaultUrl} or {@code roleScope} are invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} is {@code null}.
*/
PagedResponse listRoleDefinitionsFirstPage(String vaultUrl,
    KeyVaultRoleScope roleScope,
    Context context) {
    // Reject a missing scope before any request is built. Note that the vaultUrl parameter shadows the field
    // of the same name, so the URL used below is whatever the caller passed in.
    final String missingScopeMessage = String.format(KeyVaultErrorCodeStrings.PARAMETER_REQUIRED, "'roleScope'");
    Objects.requireNonNull(roleScope, missingScopeMessage);

    try {
        // The third argument of listSinglePage is passed as null; its meaning is not visible in this file.
        PagedResponse servicePage =
            clientImpl.getRoleDefinitions().listSinglePage(vaultUrl, roleScope.toString(), null, context);

        // Presumably converts the implementation-layer page into the public model types - confirm in
        // KeyVaultAdministrationUtil.
        return KeyVaultAdministrationUtil.transformRoleDefinitionsPagedResponse(servicePage);
    } catch (KeyVaultErrorException serviceError) {
        // Service errors are converted to the public exception type, logged at error level and rethrown.
        throw LOGGER.logExceptionAsError(
            KeyVaultAdministrationUtils.toKeyVaultAdministrationException(serviceError));
    } catch (RuntimeException unexpected) {
        // Anything else is logged and rethrown unchanged.
        throw LOGGER.logExceptionAsError(unexpected);
    }
}
/**
* Lists all {@link KeyVaultRoleDefinition role definitions} given by the {@code continuationToken} that was retrieved
* from a call to
* {@link KeyVaultAccessControlClient#listRoleDefinitionsFirstPage(String, KeyVaultRoleScope, Context)}.
*
* @param continuationToken The {@link PagedResponse#getContinuationToken() continuationToken} from a previous,
* successful call to one of the {@code listRoleDefinitions} operations.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link PagedResponse} of {@link KeyVaultRoleDefinition role definitions}
* for the given {@link KeyVaultRoleScope role scope} from the next page of results.
*
* @throws KeyVaultAdministrationException If the given {@code continuationToken} is invalid.
*/
PagedResponse listRoleDefinitionsNextPage(String continuationToken, Context context) {
    try {
        // Unlike the first-page method, this one has no vaultUrl parameter and uses the client's own field.
        // continuationToken is forwarded without a null check in this method.
        PagedResponse servicePage =
            clientImpl.getRoleDefinitions().listNextSinglePage(continuationToken, vaultUrl, context);

        return KeyVaultAdministrationUtil.transformRoleDefinitionsPagedResponse(servicePage);
    } catch (KeyVaultErrorException serviceError) {
        // Service errors are converted to the public exception type, logged at error level and rethrown.
        throw LOGGER.logExceptionAsError(
            KeyVaultAdministrationUtils.toKeyVaultAdministrationException(serviceError));
    } catch (RuntimeException unexpected) {
        // Anything else is logged and rethrown unchanged.
        throw LOGGER.logExceptionAsError(unexpected);
    }
}
/**
* Creates a {@link KeyVaultRoleDefinition role definition} with a randomly generated name.
*
* Code Samples
* Creates a {@link KeyVaultRoleDefinition role definition} with a randomly generated name. Prints out the
* details of the created {@link KeyVaultRoleDefinition role definition}.
*
*
* KeyVaultRoleDefinition roleDefinition = keyVaultAccessControlClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL);
*
* System.out.printf("Created role definition with randomly generated name '%s' and role name '%s'.%n",
* roleDefinition.getName(), roleDefinition.getRoleName());
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* Managed HSM only supports '/'.
*
* @return The created {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} is {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public KeyVaultRoleDefinition setRoleDefinition(KeyVaultRoleScope roleScope) {
    // A fresh random UUID is used as the definition name, then the named overload does the work.
    final String generatedName = UUID.randomUUID().toString();
    return setRoleDefinition(roleScope, generatedName);
}
/**
* Creates or updates a {@link KeyVaultRoleDefinition role definition} with a given name. If no name is provided,
* then a {@link KeyVaultRoleDefinition role definition} will be created with a randomly generated name.
*
* Code Samples
* Creates or updates a {@link KeyVaultRoleDefinition role definition} with a given name. Prints out
* the details of the created {@link KeyVaultRoleDefinition role definition}.
*
*
* String myRoleDefinitionName = "b67c3cf4-cbfd-451e-89ab-97c01906a2e0";
* KeyVaultRoleDefinition myRoleDefinition =
* keyVaultAccessControlClient.setRoleDefinition(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName);
*
* System.out.printf("Set role definition with name '%s' and role name '%s'.%n", myRoleDefinition.getName(),
* myRoleDefinition.getRoleName());
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* Managed HSM only supports '/'.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}. It can be any valid
* UUID. If {@code null} is provided, a name will be randomly generated.
*
* @return The created or updated {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName}
* are {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public KeyVaultRoleDefinition setRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName) {
    // NOTE(review): the Javadoc says a null name is replaced by a random one and also lists
    // NullPointerException for a null name. This method forwards the name unchanged, so which of the two
    // applies is decided by SetRoleDefinitionOptions or the validation helper - confirm and align the Javadoc.
    final SetRoleDefinitionOptions options = new SetRoleDefinitionOptions(roleScope, roleDefinitionName);
    return setRoleDefinitionWithResponse(options, Context.NONE).getValue();
}
/**
* Creates or updates a {@link KeyVaultRoleDefinition role definition}.
*
* Code Samples
* Creates or updates a {@link KeyVaultRoleDefinition role definition}. Prints out the details of the
* {@link Response HTTP response} and the created {@link KeyVaultRoleDefinition role definition}.
*
*
* String roleDefinitionName = "a86990e4-2080-4666-bd36-6e1664d3706f";
*
* List<KeyVaultRoleScope> assignableScopes = new ArrayList<>();
* assignableScopes.add(KeyVaultRoleScope.GLOBAL);
* assignableScopes.add(KeyVaultRoleScope.KEYS);
*
* List<KeyVaultDataAction> dataActions = new ArrayList<>();
* dataActions.add(KeyVaultDataAction.START_HSM_RESTORE);
* dataActions.add(KeyVaultDataAction.START_HSM_BACKUP);
* dataActions.add(KeyVaultDataAction.READ_HSM_BACKUP_STATUS);
* dataActions.add(KeyVaultDataAction.READ_HSM_RESTORE_STATUS);
* dataActions.add(KeyVaultDataAction.BACKUP_HSM_KEYS);
* dataActions.add(KeyVaultDataAction.RESTORE_HSM_KEYS);
*
* List<KeyVaultPermission> permissions = new ArrayList<>();
* permissions.add(new KeyVaultPermission(null, null, dataActions, null));
*
* SetRoleDefinitionOptions setRoleDefinitionOptions =
* new SetRoleDefinitionOptions(KeyVaultRoleScope.GLOBAL, roleDefinitionName)
* .setRoleName("Backup and Restore Role Definition")
* .setDescription("Can backup and restore a whole Managed HSM, as well as individual keys.")
* .setAssignableScopes(assignableScopes)
* .setPermissions(permissions);
*
* Response<KeyVaultRoleDefinition> response =
* keyVaultAccessControlClient.setRoleDefinitionWithResponse(setRoleDefinitionOptions,
* new Context("key1", "value1"));
*
* System.out.printf("Response successful with status code: %d. Role definition with name '%s' and role name '%s' "
* + "was set.%n", response.getStatusCode(), response.getValue().getName(), response.getValue().getRoleName());
*
*
*
* @param options Object representing the configurable options to create or update a
* {@link KeyVaultRoleDefinition role definition}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Response} whose {@link Response#getValue() value} contains the created or updated
* {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If any parameter in {@code options} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName}
* in the {@link SetRoleDefinitionOptions options} object are {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Response setRoleDefinitionWithResponse(SetRoleDefinitionOptions options,
    Context context) {
    // NOTE(review): the return type is printed raw here, while the Javadoc sample assigns the result to
    // Response<KeyVaultRoleDefinition>; the type argument looks lost in rendering - confirm against the
    // published source.
    final Context syncContext = enableSyncRestProxy(context);

    // Validation runs before any request is sent and outside the try block, so whatever it throws reaches
    // the caller without passing through LOGGER.
    final RoleDefinitionCreateParameters createParameters = validateAndGetRoleDefinitionCreateParameters(options);

    try {
        // This is a create-or-update call: per the Javadoc an existing definition with this name is updated,
        // which presumably changes what every assignment referencing it grants - worth auditing at call sites.
        Response serviceResponse = clientImpl.getRoleDefinitions()
            .createOrUpdateWithResponse(vaultUrl, options.getRoleScope().toString(),
                options.getRoleDefinitionName(), createParameters, syncContext);

        return KeyVaultAdministrationUtil.transformRoleDefinitionResponse(serviceResponse);
    } catch (KeyVaultErrorException serviceError) {
        // Service errors are converted to the public exception type, logged at error level and rethrown.
        throw LOGGER.logExceptionAsError(
            KeyVaultAdministrationUtils.toKeyVaultAdministrationException(serviceError));
    } catch (RuntimeException unexpected) {
        // Anything else is logged and rethrown unchanged.
        throw LOGGER.logExceptionAsError(unexpected);
    }
}
/**
* Gets a {@link KeyVaultRoleDefinition role definition}.
*
* Code Samples
* Gets a {@link KeyVaultRoleDefinition role definition}. Prints out the details of the retrieved
* {@link KeyVaultRoleDefinition role definition}.
*
*
* String roleDefinitionName = "de8df120-987e-4477-b9cc-570fd219a62c";
* KeyVaultRoleDefinition roleDefinition =
* keyVaultAccessControlClient.getRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName);
*
* System.out.printf("Retrieved role definition with name '%s' and role name '%s'.%n", roleDefinition.getName(),
* roleDefinition.getRoleName());
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
*
* @return The retrieved {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleDefinition role definition} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public KeyVaultRoleDefinition getRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName) {
    // Convenience overload: no additional pipeline context, and only the response value is returned.
    final Context noContext = Context.NONE;
    return getRoleDefinitionWithResponse(roleScope, roleDefinitionName, noContext).getValue();
}
/**
* Gets a {@link KeyVaultRoleDefinition role definition}.
*
* Code Samples
* Gets a {@link KeyVaultRoleDefinition role definition}. Prints out the details of the
* {@link Response HTTP response} and the retrieved {@link KeyVaultRoleDefinition role definition}.
*
*
* String myRoleDefinitionName = "cb15ef18-b32c-4224-b048-3a91cd68acc3";
* Response<KeyVaultRoleDefinition> response =
* keyVaultAccessControlClient.getRoleDefinitionWithResponse(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName,
* new Context("key1", "value1"));
*
* System.out.printf("Response successful with status code: %d. Role definition with name '%s' and role name '%s'"
* + " was retrieved.%n", response.getStatusCode(), response.getValue().getName(),
* response.getValue().getRoleName());
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Response} whose {@link Response#getValue() value} contains the
* retrieved {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleDefinition role definition} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Response getRoleDefinitionWithResponse(KeyVaultRoleScope roleScope,
    String roleDefinitionName, Context context) {
    // NOTE(review): the return type is printed raw here, while the Javadoc sample assigns the result to
    // Response<KeyVaultRoleDefinition>; the type argument looks lost in rendering - confirm against the
    // published source.
    // Validation happens outside the try block, so its exceptions are not routed through LOGGER.
    validateRoleDefinitionParameters(roleScope, roleDefinitionName);

    try {
        // Here the context is prepared inside the try, so a RuntimeException from the helper is logged too.
        final Context syncContext = enableSyncRestProxy(context);
        Response serviceResponse = clientImpl.getRoleDefinitions()
            .getWithResponse(vaultUrl, roleScope.toString(), roleDefinitionName, syncContext);

        return KeyVaultAdministrationUtil.transformRoleDefinitionResponse(serviceResponse);
    } catch (KeyVaultErrorException serviceError) {
        // Service errors are converted to the public exception type, logged at error level and rethrown.
        throw LOGGER.logExceptionAsError(
            KeyVaultAdministrationUtils.toKeyVaultAdministrationException(serviceError));
    } catch (RuntimeException unexpected) {
        // Anything else is logged and rethrown unchanged.
        throw LOGGER.logExceptionAsError(unexpected);
    }
}
/**
* Deletes a {@link KeyVaultRoleDefinition role definition}.
*
* Code Samples
* Deletes a {@link KeyVaultRoleDefinition role definition}.
*
*
* String roleDefinitionName = "6a709e6e-8964-4012-a99b-6b0131e8ce40";
*
* keyVaultAccessControlClient.deleteRoleDefinition(KeyVaultRoleScope.GLOBAL, roleDefinitionName);
*
* System.out.printf("Deleted role definition with name '%s'.%n", roleDefinitionName);
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* Managed HSM only supports '/'.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public void deleteRoleDefinition(KeyVaultRoleScope roleScope, String roleDefinitionName) {
    // The Response is discarded, so callers of this overload cannot see the status code. Use
    // deleteRoleDefinitionWithResponse when the outcome has to be checked or recorded.
    final Context noContext = Context.NONE;
    deleteRoleDefinitionWithResponse(roleScope, roleDefinitionName, noContext);
}
/**
* Deletes a {@link KeyVaultRoleDefinition role definition}.
*
* Code Samples
* Deletes a {@link KeyVaultRoleDefinition role definition}. Prints out the details of the
* {@link Response HTTP response}.
*
*
* String myRoleDefinitionName = "6b2d0b58-4108-44d6-b7e0-4fd02f77fe7e";
* Response<Void> response =
* keyVaultAccessControlClient.deleteRoleDefinitionWithResponse(KeyVaultRoleScope.GLOBAL, myRoleDefinitionName,
* new Context("key1", "value1"));
*
* System.out.printf("Response successful with status code: %d. Role definition with name '%s' was deleted.%n",
* response.getStatusCode(), myRoleDefinitionName);
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleDefinition role definition}.
* @param roleDefinitionName The name of the {@link KeyVaultRoleDefinition role definition}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} or {@link String roleDefinitionName} are
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Response deleteRoleDefinitionWithResponse(KeyVaultRoleScope roleScope,
    String roleDefinitionName,
    Context context) {
    // NOTE(review): the return type is printed raw here, while the Javadoc sample assigns the result to
    // Response<Void>; the type argument looks lost in rendering - confirm against the published source.
    // Validation happens outside the try block, so its exceptions are not routed through LOGGER.
    validateRoleDefinitionParameters(roleScope, roleDefinitionName);

    try {
        final Context syncContext = enableSyncRestProxy(context);
        Response serviceResponse = clientImpl.getRoleDefinitions()
            .deleteWithResponse(vaultUrl, roleScope.toString(), roleDefinitionName, syncContext);

        // Only the response metadata is kept; the value handed back is always null.
        return new SimpleResponse<>(serviceResponse, null);
    } catch (KeyVaultErrorException serviceError) {
        // NOTE(review): a 404 is handed to swallowExceptionForStatusCodeSync instead of being thrown here.
        // Judging by the helper's name, "not found" presumably comes back as a normal response and other
        // status codes are rethrown (helper body not shown). A return without an exception therefore does
        // not prove a definition was removed; check getStatusCode() where that matters.
        return swallowExceptionForStatusCodeSync(404,
            KeyVaultAdministrationUtils.toKeyVaultAdministrationException(serviceError), LOGGER);
    } catch (RuntimeException unexpected) {
        // Anything else is logged and rethrown unchanged.
        throw LOGGER.logExceptionAsError(unexpected);
    }
}
/**
* Get all {@link KeyVaultRoleAssignment role assignments} that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* Code Samples
* Lists all {@link KeyVaultRoleAssignment role assignments}. Prints out the details of the retrieved
* {@link KeyVaultRoleAssignment role assignments}.
*
*
* PagedIterable<KeyVaultRoleAssignment> roleAssignments =
* keyVaultAccessControlClient.listRoleAssignments(KeyVaultRoleScope.GLOBAL);
*
* roleAssignments.forEach(roleAssignment ->
* System.out.printf("Retrieved role assignment with name '%s'.%n", roleAssignment.getName()));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope scope} of the {@link KeyVaultRoleAssignment role assignment}.
*
* @return A {@link PagedIterable} containing the {@link KeyVaultRoleAssignment role assignments} for the given
* {@link KeyVaultRoleScope roleScope}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} is {@code null}.
*/
@ServiceMethod(returns = ReturnType.COLLECTION)
public PagedIterable listRoleAssignments(KeyVaultRoleScope roleScope) {
    // Convenience overload: the same listing, with no additional pipeline context.
    final Context noContext = Context.NONE;
    return listRoleAssignments(roleScope, noContext);
}
/**
* Get all {@link KeyVaultRoleAssignment role assignments} that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* Code Samples
* Lists all {@link KeyVaultRoleAssignment role assignments}. Prints out the details of the retrieved
* {@link KeyVaultRoleAssignment role assignments}.
*
*
* PagedIterable<KeyVaultRoleAssignment> keyVaultRoleAssignments =
* keyVaultAccessControlClient.listRoleAssignments(KeyVaultRoleScope.GLOBAL, new Context("key1", "value1"));
*
* keyVaultRoleAssignments.forEach(roleAssignment ->
* System.out.printf("Retrieved role assignment with name '%s'.%n", roleAssignment.getName()));
*
*
*
* @param roleScope The {@link KeyVaultRoleScope scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link PagedIterable} containing the {@link KeyVaultRoleAssignment role assignments} for the given
* {@link KeyVaultRoleScope roleScope}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} is {@code null}.
*/
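@ServiceMethod(returns = ReturnType.COLLECTION)
public PagedIterable listRoleAssignments(KeyVaultRoleScope roleScope, Context context) {
    // NOTE(review): the return type is printed raw here, while the Javadoc sample assigns the result to
    // PagedIterable<KeyVaultRoleAssignment>; the type argument looks lost in rendering - confirm against the
    // published source.
    // Prepare the context once; it is what every page request below must use.
    final Context contextToUse = enableSyncRestProxy(context);

    // Both retrievers receive the prepared context, matching listRoleDefinitions. Passing the caller's
    // original context to the next-page retriever would send continuation pages without whatever
    // enableSyncRestProxy set up for the first page.
    // roleScope is not null-checked here; that check lives in listRoleAssignmentsFirstPage.
    return new PagedIterable<>(
        () -> listRoleAssignmentsFirstPage(vaultUrl, roleScope, contextToUse),
        continuationToken -> listRoleAssignmentsNextPage(continuationToken, contextToUse));
}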
/**
* Lists all {@link KeyVaultRoleAssignment role assignments} in the first page that are applicable at the given
* {@link KeyVaultRoleScope role scope} and above.
*
* @param vaultUrl The URL for the Key Vault this client is associated with.
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link PagedResponse} of {@link KeyVaultRoleAssignment role assignments} in the given
* {@link KeyVaultRoleScope role scope} from the first page of results.
*
* @throws KeyVaultAdministrationException If the given {@code vaultUrl} or {@code roleScope} are invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope} is {@code null}.
*/
PagedResponse listRoleAssignmentsFirstPage(String vaultUrl,
                                           KeyVaultRoleScope roleScope,
                                           Context context) {
    // Reject a missing scope up front; this happens outside the try block, so the resulting
    // NullPointerException is not routed through LOGGER.
    final String missingScopeMessage = String.format(KeyVaultErrorCodeStrings.PARAMETER_REQUIRED, "'roleScope'");
    Objects.requireNonNull(roleScope, missingScopeMessage);

    try {
        // The third argument is always null here.
        // NOTE(review): presumably an optional filter of the generated client - confirm.
        PagedResponse servicePage = clientImpl.getRoleAssignments()
            .listForScopeSinglePage(vaultUrl, roleScope.toString(), null, context);

        // Convert the generated-model page into the public KeyVaultRoleAssignment representation.
        return KeyVaultAdministrationUtil.transformRoleAssignmentsPagedResponse(servicePage);
    } catch (KeyVaultErrorException serviceError) {
        // Service-reported failures are mapped to the public exception type before being logged and thrown.
        throw LOGGER.logExceptionAsError(
            KeyVaultAdministrationUtils.toKeyVaultAdministrationException(serviceError));
    } catch (RuntimeException unexpected) {
        throw LOGGER.logExceptionAsError(unexpected);
    }
}
/**
* Lists all {@link KeyVaultRoleAssignment role assignments} given by the {@code continuationToken} that was
* retrieved from a call to {@link KeyVaultAccessControlClient#listRoleAssignments(KeyVaultRoleScope)}.
*
* @param continuationToken The {@link PagedResponse#getContinuationToken() continuationToken} from a previous,
* successful call to one of the {@code listKeyVaultRoleAssignments} operations.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link PagedResponse} of {@link KeyVaultRoleAssignment role assignments} for the given
* {@link KeyVaultRoleScope role scope} from the next page of results.
*
* @throws KeyVaultAdministrationException If the given {@code continuationToken} is invalid.
*/
PagedResponse listRoleAssignmentsNextPage(String continuationToken, Context context) {
    // continuationToken is forwarded to the generated client exactly as received: this method performs no
    // null or format check on it. Presumably it is always supplied by PagedIterable from a previous page.
    try {
        PagedResponse servicePage = clientImpl.getRoleAssignments()
            .listForScopeNextSinglePage(continuationToken, vaultUrl, context);

        // Convert the generated-model page into the public KeyVaultRoleAssignment representation.
        return KeyVaultAdministrationUtil.transformRoleAssignmentsPagedResponse(servicePage);
    } catch (KeyVaultErrorException serviceError) {
        // Service-reported failures are mapped to the public exception type before being logged and thrown.
        throw LOGGER.logExceptionAsError(
            KeyVaultAdministrationUtils.toKeyVaultAdministrationException(serviceError));
    } catch (RuntimeException unexpected) {
        throw LOGGER.logExceptionAsError(unexpected);
    }
}
/**
* Creates a {@link KeyVaultRoleAssignment role assignment} with a randomly generated name.
*
* Code Samples
* Creates a {@link KeyVaultRoleAssignment role assignment} with a randomly generated name. Prints out the
* details of the created {@link KeyVaultRoleAssignment role assignment}.
*
*
* String roleDefinitionId = "b0b43a39-920c-475b-b34c-32ecc2bbb0ea";
* String servicePrincipalId = "169d6a86-61b3-4615-ac7e-2da09edfeed4";
* KeyVaultRoleAssignment roleAssignment =
* keyVaultAccessControlClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, roleDefinitionId,
* servicePrincipalId);
*
* System.out.printf("Created role assignment with randomly generated name '%s' for principal with id '%s'.%n",
* roleAssignment.getName(), roleAssignment.getProperties().getPrincipalId());
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}
* to create.
* @param roleDefinitionId The {@link KeyVaultRoleDefinition role definition} ID for the role assignment.
* @param principalId The principal ID assigned to the role. This maps to the ID inside the Active Directory.
*
* @return The created {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope}, {@code roleDefinitionId} or
* {@code principalId} are invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope}, {@link String roleDefinitionId} or
* {@link String principalId} are {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public KeyVaultRoleAssignment createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId,
                                                   String principalId) {
    // No name was supplied, so a freshly generated random UUID string becomes the role assignment name.
    final String generatedName = UUID.randomUUID().toString();

    // Delegate to the full overload with an empty pipeline context and unwrap the response value.
    return createRoleAssignmentWithResponse(roleScope, roleDefinitionId, principalId, generatedName, Context.NONE)
        .getValue();
}
/**
* Creates a {@link KeyVaultRoleAssignment role assignment}.
*
* Code Samples
* Creates a {@link KeyVaultRoleAssignment role assignment}. Prints out the details of the created
* {@link KeyVaultRoleAssignment role assignment}.
*
*
* String myRoleDefinitionId = "c7d4f70f-944d-494a-a73e-ff62fe7f04da";
* String myServicePrincipalId = "4196fc8f-7312-46b9-9a08-05bf44fdff37";
* String myRoleAssignmentName = "d80e9366-47a6-4f42-ba84-f2eefb084972";
* KeyVaultRoleAssignment myRoleAssignment =
* keyVaultAccessControlClient.createRoleAssignment(KeyVaultRoleScope.GLOBAL, myRoleDefinitionId,
* myServicePrincipalId, myRoleAssignmentName);
*
* System.out.printf("Created role assignment with name '%s' for principal with id '%s'.%n",
* myRoleAssignment.getName(), myRoleAssignment.getProperties().getPrincipalId());
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}
* to create.
* @param roleAssignmentName The name used to create the {@link KeyVaultRoleAssignment role assignment}. It can be
* any valid UUID.
* @param roleDefinitionId The {@link KeyVaultRoleDefinition role definition} ID for the role assignment.
* @param principalId The principal ID assigned to the role. This maps to the ID inside the Active Directory.
*
* @return The created {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* already exists or if the given {@code roleScope}, {@code roleDefinitionId} or {@code principalId} are invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope}, {@link String roleAssignmentName},
* {@link String roleDefinitionId} or {@link String principalId} are {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public KeyVaultRoleAssignment createRoleAssignment(KeyVaultRoleScope roleScope, String roleDefinitionId,
                                                   String principalId, String roleAssignmentName) {
    // Convenience overload: uses the caller-chosen assignment name and an empty pipeline context, then
    // unwraps the response value. Argument validation is left to the delegate.
    final Context emptyContext = Context.NONE;

    return createRoleAssignmentWithResponse(roleScope, roleDefinitionId, principalId, roleAssignmentName,
        emptyContext).getValue();
}
/**
* Creates a {@link KeyVaultRoleAssignment role assignment}.
*
* Code Samples
* Creates a {@link KeyVaultRoleAssignment role assignment}. Prints out details of the
* {@link Response HTTP response} and the created {@link KeyVaultRoleAssignment role assignment}.
*
*
* String someRoleDefinitionId = "11385c39-5efa-4e5f-8748-055aa51d4d23";
* String someServicePrincipalId = "eab943f7-a204-4434-9681-ef2cc0c85b51";
* String someRoleAssignmentName = "4d95e0ea-4808-43a4-b7f9-d9e61dba7ea9";
*
* Response<KeyVaultRoleAssignment> response =
* keyVaultAccessControlClient.createRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL, someRoleDefinitionId,
* someServicePrincipalId, someRoleAssignmentName, new Context("key1", "value1"));
* KeyVaultRoleAssignment createdRoleAssignment = response.getValue();
*
* System.out.printf("Response successful with status code: %d. Role assignment with name '%s' for principal with "
* + "id '%s' was created.%n", response.getStatusCode(), createdRoleAssignment.getName(),
* createdRoleAssignment.getProperties().getPrincipalId());
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}
* to create.
* @param roleAssignmentName The name used to create the {@link KeyVaultRoleAssignment role assignment}. It can be
* any valid UUID.
* @param roleDefinitionId The {@link KeyVaultRoleDefinition role definition} ID for the role assignment.
* @param principalId The principal ID assigned to the role. This maps to the ID inside the Active Directory.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Response} whose {@link Response#getValue() value} contains the created
* {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given
* name already exists or if the given {@code roleScope}, {@code roleDefinitionId} or {@code principalId} are
* invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope role scope}, {@link String roleAssignmentName},
* {@link String roleDefinitionId} or {@link String principalId} are {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Response createRoleAssignmentWithResponse(KeyVaultRoleScope roleScope,
                                                 String roleDefinitionId,
                                                 String principalId,
                                                 String roleAssignmentName,
                                                 Context context) {
    // Validation and request-body construction run before the try block, so anything the helper throws
    // propagates without passing through LOGGER. The helper is defined outside this listing; which checks it
    // performs beyond what the Javadoc promises is not visible here.
    RoleAssignmentCreateParameters createParameters =
        validateAndGetRoleAssignmentCreateParameters(roleScope, roleDefinitionId, principalId,
            roleAssignmentName);
    final Context contextToUse = enableSyncRestProxy(context);

    try {
        // This request grants principalId the role identified by roleDefinitionId at roleScope.
        Response serviceResponse = clientImpl.getRoleAssignments()
            .createWithResponse(vaultUrl, roleScope.toString(), roleAssignmentName, createParameters,
                contextToUse);

        // Convert the generated-model response into the public KeyVaultRoleAssignment representation.
        return KeyVaultAdministrationUtil.transformRoleAssignmentResponse(serviceResponse);
    } catch (KeyVaultErrorException serviceError) {
        // Service-reported failures are mapped to the public exception type before being logged and thrown.
        throw LOGGER.logExceptionAsError(
            KeyVaultAdministrationUtils.toKeyVaultAdministrationException(serviceError));
    } catch (RuntimeException unexpected) {
        throw LOGGER.logExceptionAsError(unexpected);
    }
}
/**
* Gets a {@link KeyVaultRoleAssignment role assignment}.
*
* Code Samples
* Gets a {@link KeyVaultRoleAssignment role assignment}. Prints out details of the retrieved
* {@link KeyVaultRoleAssignment role assignment}.
*
*
* String roleAssignmentName = "06d1ae8b-0791-4f02-b976-f631251f5a95";
* KeyVaultRoleAssignment roleAssignment =
* keyVaultAccessControlClient.getRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName);
*
* System.out.printf("Retrieved role assignment with name '%s'.%n", roleAssignment.getName());
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
*
* @return The {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} or {@link String roleAssignmentName} are
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public KeyVaultRoleAssignment getRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName) {
    // Convenience overload: delegates with an empty pipeline context and unwraps the response value.
    final Context emptyContext = Context.NONE;

    return getRoleAssignmentWithResponse(roleScope, roleAssignmentName, emptyContext).getValue();
}
/**
* Gets a {@link KeyVaultRoleAssignment role assignment}.
*
* Code Samples
* Gets a {@link KeyVaultRoleAssignment role assignment}. Prints out details of the
* {@link Response HTTP response} and the retrieved {@link KeyVaultRoleAssignment role assignment}.
*
*
* String myRoleAssignmentName = "b4a970d5-c581-4760-bba5-61d3d5aa24f9";
* Response<KeyVaultRoleAssignment> response =
* keyVaultAccessControlClient.getRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL, myRoleAssignmentName,
* new Context("key1", "value1"));
*
* System.out.printf("Response successful with status code: %d. Role assignment with name '%s' was retrieved.%n",
* response.getStatusCode(), response.getValue().getName());
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Response} whose {@link Response#getValue() value} contains the
* {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If a {@link KeyVaultRoleAssignment role assignment} with the given name
* cannot be found or if the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} or {@link String roleAssignmentName} are
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Response getRoleAssignmentWithResponse(KeyVaultRoleScope roleScope,
                                              String roleAssignmentName, Context context) {
    // Argument validation runs before the try block, so its failures are not routed through LOGGER.
    validateRoleAssignmentParameters(roleScope, roleAssignmentName);

    try {
        // Context preparation stays inside the try block: a failure here is logged like any other
        // runtime error raised by the call.
        final Context contextToUse = enableSyncRestProxy(context);
        Response serviceResponse = clientImpl.getRoleAssignments()
            .getWithResponse(vaultUrl, roleScope.toString(), roleAssignmentName, contextToUse);

        // Convert the generated-model response into the public KeyVaultRoleAssignment representation.
        return KeyVaultAdministrationUtil.transformRoleAssignmentResponse(serviceResponse);
    } catch (KeyVaultErrorException serviceError) {
        // Service-reported failures are mapped to the public exception type before being logged and thrown.
        throw LOGGER.logExceptionAsError(
            KeyVaultAdministrationUtils.toKeyVaultAdministrationException(serviceError));
    } catch (RuntimeException unexpected) {
        throw LOGGER.logExceptionAsError(unexpected);
    }
}
/**
* Deletes a {@link KeyVaultRoleAssignment role assignment}.
*
* Code Samples
* Deletes a {@link KeyVaultRoleAssignment role assignment}.
*
*
* String roleAssignmentName = "c3ed874a-64a9-4a87-8581-2a1ad84b9ddb";
*
* keyVaultAccessControlClient.deleteRoleAssignment(KeyVaultRoleScope.GLOBAL, roleAssignmentName);
*
* System.out.printf("Deleted role assignment with name '%s'.%n", roleAssignmentName);
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} or {@link String roleAssignmentName} are
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public void deleteRoleAssignment(KeyVaultRoleScope roleScope, String roleAssignmentName) {
    // Convenience overload: delegates with an empty pipeline context and discards the response.
    // deleteRoleAssignmentWithResponse does not throw on HTTP 404, so this method also returns normally
    // when no role assignment with the given name existed; a caller gets no signal either way.
    final Context emptyContext = Context.NONE;

    deleteRoleAssignmentWithResponse(roleScope, roleAssignmentName, emptyContext);
}
/**
* Deletes a {@link KeyVaultRoleAssignment role assignment}.
*
* Code Samples
* Deletes a {@link KeyVaultRoleAssignment role assignment}. Prints out details of the
* {@link Response HTTP response}.
*
*
* String myRoleAssignmentName = "8ac293e1-1ac8-4a71-b254-7caf9f7c2646";
* Response<Void> response =
* keyVaultAccessControlClient.deleteRoleAssignmentWithResponse(KeyVaultRoleScope.GLOBAL, myRoleAssignmentName,
* new Context("key1", "value1"));
*
* System.out.printf("Response successful with status code: %d. Role assignment with name '%s' was deleted.%n",
* response.getStatusCode(), myRoleAssignmentName);
*
*
*
* @param roleScope The {@link KeyVaultRoleScope role scope} of the {@link KeyVaultRoleAssignment role assignment}.
* @param roleAssignmentName The name of the {@link KeyVaultRoleAssignment role assignment}.
* @param context Additional context that is passed through the HTTP pipeline during the service call.
*
* @return A {@link Response} with a {@link Void} value.
*
* @throws KeyVaultAdministrationException If the given {@code roleScope} is invalid.
* @throws NullPointerException If the {@link KeyVaultRoleScope roleScope} or {@link String roleAssignmentName} are
* {@code null}.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Response deleteRoleAssignmentWithResponse(KeyVaultRoleScope roleScope, String roleAssignmentName,
                                                 Context context) {
    // Argument validation runs before the try block, so its failures are not routed through LOGGER.
    validateRoleAssignmentParameters(roleScope, roleAssignmentName);

    try {
        final Context contextToUse = enableSyncRestProxy(context);
        Response serviceResponse = clientImpl.getRoleAssignments()
            .deleteWithResponse(vaultUrl, roleScope.toString(), roleAssignmentName, contextToUse);

        // The service payload is dropped: callers get the HTTP details paired with a null value.
        return new SimpleResponse<>(serviceResponse, null);
    } catch (KeyVaultErrorException serviceError) {
        // HTTP 404 is handed to swallowExceptionForStatusCodeSync rather than thrown, so deleting a role
        // assignment that does not exist is not reported as an exception. Code that must confirm a
        // revocation really removed an assignment cannot rely on the absence of an exception.
        // NOTE(review): the helper is defined outside this listing; presumably it rethrows for every other
        // status code and returns a response describing the 404 - confirm.
        return swallowExceptionForStatusCodeSync(404,
            KeyVaultAdministrationUtils.toKeyVaultAdministrationException(serviceError), LOGGER);
    } catch (RuntimeException unexpected) {
        throw LOGGER.logExceptionAsError(unexpected);
    }
}
}